Your message dated Sun, 23 Mar 2025 17:00:11 +0000
with message-id <e1twogf-00bbpi...@fasolo.debian.org>
and subject line Bug#1016441: fixed in kubernetes 1.31.4+ds-1
has caused the Debian Bug report #1016441,
regarding kubernetes: CVE-2021-25743
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1016441: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016441
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: kubernetes
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for kubernetes.

CVE-2021-25743[0]:
| kubectl does not neutralize escape, meta or control sequences
| contained in the raw data it outputs to a terminal. This includes but
| is not limited to the unstructured string fields in objects such as
| Events.

https://github.com/kubernetes/kubernetes/issues/101695

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-25743
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25743

Please adjust the affected versions in the BTS as needed.

--- End Message ---
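A defensive illustration of the issue described in the CVE text above, as an added Go example that is not part of the original messages and is not the upstream kubectl patch: untrusted string fields are rewritten so that escape and control characters are shown as visible text instead of reaching the terminal. The function names and the sample strings are constructed for this example.

```go
package main

import (
	"fmt"
	"strings"
	"unicode/utf8"
)

// NeutralizeForTerminal (hypothetical helper) returns s with control
// characters replaced by a printable escaped form. Newline and tab are kept
// so multi-line messages stay readable; everything else that a terminal
// could interpret (C0 controls incl. ESC/BEL/CR, DEL, C1 controls such as
// the one-character CSI U+009B) and invalid UTF-8 bytes are made visible.
func NeutralizeForTerminal(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); {
		r, size := utf8.DecodeRuneInString(s[i:])
		switch {
		case r == utf8.RuneError && size == 1: // invalid UTF-8 byte
			fmt.Fprintf(&b, "\\x%02x", s[i])
		case r == '\n' || r == '\t':
			b.WriteRune(r)
		case r < 0x20 || r == 0x7f: // C0 controls and DEL
			fmt.Fprintf(&b, "\\x%02x", r)
		case r >= 0x80 && r <= 0x9f: // C1 controls
			fmt.Fprintf(&b, "\\u%04x", r)
		default:
			b.WriteRune(r)
		}
		i += size
	}
	return b.String()
}

// HasControl reports whether s contains anything the sanitizer would
// rewrite; useful for flagging suspicious object fields in review tooling.
func HasControl(s string) bool { return NeutralizeForTerminal(s) != s }

func main() {
	// Constructed Event-style message fields, not taken from a real cluster.
	samples := []string{
		"Scaled up replica set web-1 to 3",
		"Pulled image\x1b[2J\x1b]0;title\x07 ok",
		"status\rOK \u009b31m",
	}
	for _, m := range samples {
		fmt.Printf("flagged=%-5v %s\n", HasControl(m), NeutralizeForTerminal(m))
	}
}
```
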
--- Begin Message ---
Source: kubernetes
Source-Version: 1.31.4+ds-1
Done: Arthur Diniz <arthurbdi...@gmail.com>

We believe that the bug you reported is fixed in the latest version of
kubernetes, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1016...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Arthur Diniz <arthurbdi...@gmail.com> (supplier of updated kubernetes package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 13 Feb 2025 23:44:44 +0000
Source: kubernetes
Binary: golang-k8s-kubectl-dev kubectl kubectl-dbgsym kubernetes-client
Architecture: source all amd64
Version: 1.31.4+ds-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Kubernetes Packaging Team <team+kuberne...@tracker.debian.org>
Changed-By: Arthur Diniz <arthurbdi...@gmail.com>
Description:
 golang-k8s-kubectl-dev - Kubernetes client tools for interacting with clusters (library)
 kubectl    - Command-line tool for controlling Kubernetes clusters
 kubernetes-client - Transitional package
Closes: 990793 994438 1016441 1047881 1055411 1086756
Changes:
 kubernetes (1.31.4+ds-1) unstable; urgency=medium
 .
   * New upstream version 1.31.4+ds (Closes: #1055411)
     - Fix CVE-2021-25743: ANSI escape characters in kubectl output are not
       being filtered (Closes: #1016441)
     - Fix CVE-2020-8554: Kubernetes API server man in the middle using
       LoadBalancer or ExternalIPs (Closes: #990793)
       ~ The version 1.20.5+really1.20.2-1 used to contain the vulnerability's
         source code, but we removed it during the repack. The binary package
         was not affected
     - Repack to remove all source non related to kubectl (Closes: #1047881)
       ~ Remove folders cmd, staging, hack, docs, third_party and vendor
     - Fix config use-context command segfaults from kubernetes-client
       (kubectl). The autopkgtest d/t/kubectl.sh is covering that scenario.
       (Closes: #990793)
   * d/clean: Remove file after upstream repack cleanup
   * d/compat: Remove obsolete file in favor of debhelper-compat
   * d/control:
     - Add dh-exec to Build-Depends
     - Add Uploaders field
     - Bump debhelper-compat to 13
     - Bump Standards-Version to 4.7.2
     - Create new binary package kubectl to replace kubernetes-client
     - Declare Rules-Requires-Root to no
     - Export kubectl library dev files to new binary package
     - Replace current maintainer to Kubernetes Team
     - Reorder Homepage field and change schema to https
     - Set Vcs-* fields to Kubernetes team Salsa group (Closes: #1086756)
     - Set XS-Go-Import-Path to k8s.io/kubernetes
     - Set kubernetes-client to transitional package
     - Update Build-Depends for the unvendorized build
   * d/copyright:
     - Add comment to debian/*
     - Add Files-Excluded
     - Bump upstream copyright years to 2014-2024
     - Declare Arthur Diniz 2025 debian copyright
     - Declare copyright for authors under translations folder
     - Format Apache-2.0 License content body
   * d/gbp.conf: Create file with dist DEP14 and debian/sid branch
   * d/golang-k8s-kubectl-dev.install: Add installation file for Go source
     directory
   * d/kubectl.install:
     - Only build shell completions if not cross-building
     - Install kubectl and shell completion files (Closes: #994438)
   * d/kubectl.lintian-overrides: Silence unknown-field Static-Built-Using
   * d/kubectl.manpages: Install kubectl manpage
   * d/kubernetes-client*: Remove deprecated binary package related files
   * d/kubernetes-master*: Remove deprecated binary package related files
   * d/kubernetes-node*: Remove deprecated binary package related files
   * d/p/*:
     - Bump evanphx json-patch library to v5
     - Set LANGUAGE env variable for TestDiffProgram
   * d/rules:
     - Build with -buildmode=pie (except on mipsel or mips64el)
     - Define version metadata and LDFLAGS variables
     - Disable DH_VERBOSE by commenting it
     - Generate manpages using help2man in before_dh_installman
     - Include dpkg default.mk
     - Include dpkg pkg-info.mk
     - Override dh_auto_configure to prepare Go build environment manually
     - Override dh_auto_install to skip dh_golang and handle shell completions
     - Remove empty override override_dh_dwz
     - Remove PATH and CGO_ENABLED variables
     - Re-enable dh_auto_test by removing empty override
     - Set build directory and system to golang
     - Set DH_GOPKG and DH_GOLANG_BUILDPKG variables for kubectl
     - Set GOPATH to _build directory
     - Simplify override_dh_auto_build and delegate to dh_auto_build
   * d/salsa-ci.yml: Include pkg-go-tools pipeline
   * d/s/lintian-overrides:
     - Silence missing Built-Using field for kubectl and
       kubernetes-client
     - Silence debhelper-but-no-misc-depends for
       kubernetes-client
   * d/tests/*: Initial autopkgtest suite
   * d/u/metadata: Declared upstream metadata information
   * d/watch: Use GitHub API and filter only versions like v1.*.*
 .
   [ Samuel Henrique ]
   * d/rules: Don't install docs under /usr/share/gocode
   * d/golang-k8s-kubectl-dev.lintian-overrides: Add overrides for
     false-positives on test files


-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
